Cryptology ePrint Archive: Report 2013/806

Efficient (Anonymous) Compact HIBE From Standard Assumptions

Somindu C. Ramanna and Palash Sarkar

Abstract: We present two hierarchical identity-based encryption (HIBE) schemes, denoted as $\ahibe$ and $\hibe$,
from Type-3 pairings with constant sized ciphertexts. Scheme $\ahibe$ achieves anonymity while $\hibe$ is non-anonymous.
The constructions are obtained by extending the IBE scheme recently proposed by Jutla and Roy (Asiacrypt 2013).
Security is based on the standard decisional Symmetric eXternal Diffie-Hellman (SXDH) assumption. In terms of provable
security properties, previous direct
constructions of constant-size ciphertext HIBE had one or more of the following drawbacks: security in the weaker model of
selective-identity attacks; exponential security degradation in the depth of the HIBE; and use of non-standard assumptions.
The security arguments for $\ahibe$ and $\hibe$ avoid all of these drawbacks.
These drawbacks can also be avoided by obtaining HIBE schemes by specialising schemes for hierarchical inner product
encryption; the downside is that the resulting efficiencies are inferior to those of the schemes reported here. Currently,
there is no known anonymous HIBE scheme having the security properties of $\ahibe$ and comparable efficiency. An
independent work by Chen and Wee describes a non-anonymous HIBE scheme with security claims and efficiency similar to that of
$\hibe$; we note though that in comparison to $\hibe$, the Chen-Wee HIBE scheme has larger ciphertexts and less efficient
encryption and decryption algorithms. Based on the current state-of-the-art, $\ahibe$ and $\hibe$ are the schemes of choice
for efficient implementation of (anonymous) HIBE constructions.